Operating System: OpenBSD 4.4

Installation

First grab the necessary compiled packages from OpenBSD.

export PKG_PATH=ftp://carroll.cac.psu.edu/pub/OpenBSD/4.4/packages/amd64
pkg_add db-4.6.21.tgz neon-0.26.2.tgz

Then get the Apache source code for the HTTP server, configure and install. Use a 2.2.x version.

cd /usr/src
http://www.gtlib.gatech.edu/pub/apache/httpd/httpd-2.2.x.tar.gz
tar zxvf httpd-2.2.x.tar.gz
cd http-2.2.x
./configure --with-included-apr --with-berkeley-db=/usr/local --enable-shared=yes --enable-dav --enable-so --enable-rewrite --enable-ssl
make
make install

Next get the newest Subversion source code, configure and install.

cd /usr/src
wget subversion-1.5.x.tar.gz
tar zxvf subversion-1.5.x.tar.gz
cd subversion-1.5.x
./configure --with-apr=/usr/local/apache2/bin/apr-1-config --with-apxs=/usr/local/apache2/bin/apxs --with-neon=/usr/local

Add the proper user to run the httpd daemon

useradd -u3690 -g=uid -c"Apache2" -d/var/empty -s/sbin/nologin _apache2

Configuration

Setup the initial repository with the svncreate command and make the user running the web service the owner, since they will be the user actually modifying the repository files.

mkdir /home/svn
svnadmin create /home/svn/myproject
chown -R _apache2:_apache2 /home/svn/

Now edit your main httpd.conf file in /usr/local/apache2/conf/ to read these changes. They’re not all in the same place, just scattered throughout the file. The first two changes should already be there after installing the Subversion source, just require slight modification. The last “location” change you’ll need to add manually. You’ll see the dav_svn* files in there, we’ll get to those next.

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
...
User _apache2
Group _apache2
...
<Location /svn>
  DAV svn
  SVNListParentPath on
  SVNParentPath /home/svn
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /etc/svn/dav_svn.passwd
    AuthzSVNAccessFile /etc/svn/dav_svn.control
    Require valid-user
</Location>

Now we can create the username/password files along with the access files.

mkdir /etc/svn
touch /etc/svn/dav_svn.passwd
htpasswd -mb /etc/svn/dav_svn.passwd myuser mypassword

Create the access file to your repositories.

touch /etc/svn/dav_svn.control

And now edit the file. You can set users using r and rw access writes. First you list the repository, and then the folder location after that for more fine grained permissions.

[myproject:/]
myuser = r

[myproject:/trunk/base/code]
myuser = rw

Naturally you’ll want to lock this service down with SSL and possibly make it available outside the network. To simply create a self-signed certificate and add it to Apache, do the following.

openssl genrsa -out /etc/ssl/private/svnserver.key 1024
openssl req -new -key /etc/ssl/private/svnserver.key -out /etc/ssl/private/svnserver.csr
openssl x509 -req -days 365 -in /etc/ssl/private/svnserver.csr -signkey /etc/ssl/private/svnserver.key -out /etc/ssl/svnserver.crt

Now add the lines in the httpd.conf file in /usr/local/apache2/conf/ just about the Location setting.

Listen 443
SSLEngine on
SSLCertificateFile    /etc/ssl/svnserver.crt
SSLCertificateKeyFile /etc/ssl/private/svnserver.key

Edit the rc.conf.local file in /etc/ to turn on Apache.

apache2=YES

And then edit the rc.local file to auto start Apache.

# Apache2 Startup
if [ X"${apache2}" == X"YES" -a -x /usr/local/apache2/bin/httpd ]; then
   /usr/local/apache2/bin/apachectl start &amp;
   echo -n " apache2";
fi

As well as the shutdown file rc.shutdown to kill the process.

# Apache2 Shutdown
if [ X"${apache2}" == X"YES" -a -x /usr/local/apache2/bin/httpd ]; then
   /usr/local/apache2/bin/apachectl stop &amp;
   echo -n " apache2";
fi

Now reboot the server and test access; it should start up automatically.

Maintenance and Use

The best way to use SVN over HTTPS is with Tortoise for Windows or some other tool if using Linux, like RapidSVN.

Adding Additional Users

To add more users, just run the htpasswd command linked to your dav_svn.passwd file, same as the initial configuration for users.

htpasswd -mb /etc/svn/dav_svn.passwd newuser newpassword

And now edit the access file containing the other users and defined in the Apache configuration. You can set users using r and rw access writes. First you list the repository, and then the folder location after that for more fine grained permissions.

[myproject:/]
myuser = r
newuser = r

[myproject:/trunk/base/code]
myuser = rw
newuser = rw

Backing Up the Repositories

To backup a repository, use the svnadmin dump command which will export the entire database and revisions. You can then tar up and gzip the dump file for compression, and back it up to tape or disk somewhere else. There are also incremental backups that can be done of disk/tape space is an issue.

svnadmin dump /home/svn/myproject > /home/backups/myproject_dumpfile

Restoring the Repositories

Restoring the SVN database is simply rewriting all the revisions from the dump back into a database. The restore process also works well for moving an older repository over to a new one since restoring the dump into a new SVN database will update it to that version.

svnadmin create /home/svn/restoredproject
svnadmin load /home/svn/restoredproject < /home/backups/myproject_dumpfile